Google Chrome Permission Prompts UI Spoofing Vulnerability

Vulnerability

A vulnerability allowing UI spoofing through a crafted Chrome extension has been identified in Google Chrome. This issue affects versions prior to 134.0.6998.35. The vulnerability arises from an inappropriate implementation in permission prompts, which could be exploited by an attacker to convince a user to install a malicious extension.

Impact

Exploitation of this vulnerability could lead to a UI spoofing attack, where an extension popup could obscure important permission prompts, such as those related to WebUSB access.

Reproduction

To reproduce this vulnerability, install a malicious Chrome extension designed to exploit the issue. Once the extension is installed, click anywhere on the page and press Ctrl+A. This action will trigger the extension popup, which can then appear over the WebUSB permission prompt, effectively obscuring it.

Remediation

Users can update to Google Chrome version 134.0.6998.35 or later to address this vulnerability.
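As an added example (not part of the original advisory), the following Python sketch triages an inventory of reported Chrome version strings against the fixed version 134.0.6998.35. It compares the four version fields numerically, because a plain string comparison misorders builds such as 134.0.6998.9. The host names, inventory lines and function names are constructed for illustration.

```python
import re

# First fixed version, taken from the Remediation section above.
FIXED = (134, 0, 6998, 35)

# Chrome versions have four dot-separated numeric fields.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Return the version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one reported version string against the fixed version."""
    version = parse_chrome_version(version_text)
    if version is None:
        return "unknown"  # no parsable version: needs manual follow-up
    # Tuple comparison is numeric per field, so 9 < 35 and 99 < 134.
    return "patched" if version >= FIXED else "vulnerable"


def triage(inventory):
    """Group (host, version_text) pairs by patch status."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("host-a", "Google Chrome 134.0.6998.35"),
    ("host-b", "Google Chrome 134.0.6998.9"),   # string compare would pass this
    ("host-c", "Google Chrome 99.0.4844.51"),   # "99" > "134" as strings
    ("host-d", "Google Chrome 135.0.7049.42"),
    ("host-e", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```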

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.